diff --git a/environments/proxmoxes/hosts.yml b/environments/proxmoxes/hosts.yml
index 58dcb49..c0da3fd 100644
--- a/environments/proxmoxes/hosts.yml
+++ b/environments/proxmoxes/hosts.yml
@@ -38,16 +38,21 @@ vms:
     children:
         printer:
         kubernetes:
-        docker:
+        docker_vms:
 
 
 docker:
-    hosts:
-        # swarm-node1.guaranteedstruggle.host:
-        # swarm-node2.guaranteedstruggle.host:
-        # swarm-node3.guaranteedstruggle.host:
+    children:
+        docker_vms:
+            hosts:
+                # swarm-node1.guaranteedstruggle.host:
+                # swarm-node2.guaranteedstruggle.host:
+                # swarm-node3.guaranteedstruggle.host: 
+                harbor.guaranteedstruggle.host:
+        docker_lxc:
+            hosts:
+                nexus.guaranteedstruggle.host:
 
-        harbor.guaranteedstruggle.host:
 
 kubernetes:
     hosts:
@@ -69,7 +74,7 @@ printer:
 
 #### TODO 
 lxc:
-  hosts:
+    hosts:
 
 
 
@@ -99,4 +104,6 @@ lxc:
     # # price-loader.just-for-me.internal:
 
     #gpu-slut.guaranteedstruggle.host: 
-    root-ca.guaranteedstruggle.host:
\ No newline at end of file
+    root-ca.guaranteedstruggle.host:
+    children:
+        docker_lxc:
\ No newline at end of file
diff --git a/playbooks/packages.yml b/playbooks/packages.yml
index a7583ad..a55b396 100644
--- a/playbooks/packages.yml
+++ b/playbooks/packages.yml
@@ -20,6 +20,7 @@
           - jq
           - rsync
           - unzip
+          - ca-certificates
           
         #state: latest 
         state: present 
diff --git a/playbooks/software/docker.yml b/playbooks/software/docker.yml
new file mode 100644
index 0000000..a4b267d
--- /dev/null
+++ b/playbooks/software/docker.yml
@@ -0,0 +1,45 @@
+---
+- name: Migrate Docker repository to modern DEB822 standard
+  hosts: docker
+  become: true
+  tasks:
+    # 1. Зачищаем старые следы (legacy-дефолт)
+    - name: Remove legacy Docker apt source list if exists
+      ansible.builtin.file:
+        path: /etc/apt/sources.list.d/docker.list
+        state: absent
+
+    - name: Remove legacy Docker GPG key from trusted.gpg.d
+      ansible.builtin.file:
+        path: /etc/apt/trusted.gpg.d/docker.gpg
+        state: absent
+
+    # 2. Разворачиваем репозиторий по "актуальной мете"
+    - name: Setup Docker CE repository using deb822 format
+      ansible.builtin.deb822_repository:
+        name: docker
+        types: deb
+        uris: https://download.docker.com/linux/debian
+        # ansible_distribution_release автоматически подставит имя дистрибутива (например, bookworm или trixie)
+        suites: "{{ ansible_distribution_release }}"
+        components: stable
+        # Ansible сам скачает текстовый ключ, дебронирует его в бинарный 
+        # и сохранит по канону в /etc/apt/keyrings/docker.gpg
+        signed_by: https://download.docker.com/linux/debian/gpg
+      register: docker_repo_added
+
+    # 3. Обновляем кэш пакетов только при изменениях
+    - name: Run apt update
+      ansible.builtin.apt:
+        update_cache: true
+      when: docker_repo_added.changed
+ 
+         
+    - name: Install the packages versions
+      ansible.builtin.package:
+        name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
\ No newline at end of file